抗合谋攻击能力可调的有状态组密钥更新协议  被引量：1

作　　者：敖丽 刘璟 姚绍文[1] 武楠 AO Li;LIU Jing;YAO Shaowen;WU Nan(School of Software,Yunnan University,Kunrning Yunnan 650500,China;School of Information Science and Engineering,Yunnan University Kunming Yunnan 650500,China)

机构地区：[1]云南大学软件学院,昆明650500 [2]云南大学信息学院,昆明650500

出　　处：《计算机应用》2018年第5期1372-1376,1382,共6页journal of Computer Applications

基　　金：国家自然科学基金资助项目(61363084);云南大学第四批中青年骨干教师基金资助项目(XT412003);云南大学师资队伍建设基金资助项目(XT412001)~~

摘　　要：逻辑密钥分层(LKH)协议已经被证明在抗完全合谋攻击时,它通信开销的下界是O(log n),但是在一些资源受限或者商业应用场景中,用户仍然要求通信开销低于O(log n)。虽然,有状态的完全排外子树(SECS)协议具有常量通信开销的特性,却只能抵抗单用户攻击。考虑用户愿意牺牲一定安全性来降低通信开销的情况,利用LKH协议的完全抗合谋攻击特性和SECS协议具有常量通信开销的优势,设计并实现了一种混合的组密钥更新协议(HSECS)。H-SECS协议根据应用场景的安全级别来配置子组数目,在通信开销和抗合谋攻击能力之间作一个最优的权衡。理论分析及仿真实验表明,与LKH协议和SECS协议相比,H-SECS协议的通信开销可以在O(1)和O(log n)区间进行调控。Logical Key Hierarchy（ LKH） protocol has been proved that O（ log n） is the lower bound of the communication complexity when resisting complete collusion attacks. However, in some resource-constrained or commercial application environments, user still require the communication overhead below O（ log n）. Although Stateful Exclusive Complete Subtree（ SECS） protocol has the characteristic of constant communication overhead, but it can only resist single-user attacks.Considering the willingness of users to sacrifice some security to reduce communication overhead, based on LKH which has the characteristic of strict confidentiality, and combined with SECS which has constant communication overhead, a Hybrid Stateful Exclusive Complete Subtree（ H-SECS） was designed and implemented. The number of subgroups was configured by H-SECS according to the security level of application scenario to make an optimal tradeoff between communication overhead and collusion resistance ability. Theoretical analysis and simulation results show that, compared with LKH protocol and SECS protocol, the communication overhead of H-SECS can be regulated in the ranges between O（ 1） and O（ log n）.

关 键 词：有状态 组密钥更新 逻辑密钥分层协议 抗合谋攻击 

分 类 号：TP393.08[自动化与计算机技术—计算机应用技术]